US9575798B2 - Method of managing tenant network configuration in environment where virtual server and non-virtual server coexist - Google Patents

Method of managing tenant network configuration in environment where virtual server and non-virtual server coexist

Info

Publication number
US9575798B2
Authority
US
United States
Prior art keywords
virtual
physical
instance
network
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US14/766,228
Other languages
English (en)
Other versions
US20150363221A1 (en)
Inventor
Atsumi Terayama
Toshio Otani
Akihisa Nagami
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Ltd
Assigned to HITACHI, LTD. Assignment of assignors interest (see document for details). Assignors: NAGAMI, AKIHISA; OTANI, TOSHIO; TERAYAMA, ATSUMI
Publication of US20150363221A1
Application granted
Publication of US9575798B2
Active legal status
Adjusted expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • The present invention relates to computer systems in general, and more specifically to a method and an apparatus for managing the configuration of resources, first and foremost a network, on a computer system comprising a mixture of virtual and physical servers.
  • Server virtualization techniques are popular, and the integration of a plurality of virtual servers onto a single piece of hardware (a single physical server) to construct a corporate information system has become the norm.
  • The physical resources of a physical server (CPU, memory, and so forth), which conventionally had been associated on a one-to-one basis with the physical server, can be divided into a plurality of server resources and effectively utilized by independently running a virtual server for each server resource.
  • A physical server that has virtualization functions and can run a plurality of virtual servers is referred to hereinbelow as a “virtual server host”.
  • An operation method that utilizes, without any modification, a physical server that does not have a hypervisor (software having functions for running a plurality of virtual servers on a single physical server) as a processing environment is conceivable even in an environment where a virtual server exists.
  • A physical server that does not have a hypervisor monopolizes the physical resources possessed by a single hardware apparatus (the physical server), and therefore can make the most of the processing performance and, moreover, can be operated stably without being influenced by other servers.
  • These physical servers are called non-virtual servers, or bare metal servers, herein.
  • Although a non-virtual server has advantages from the standpoint of performance as mentioned above, it lacks flexibility of system construction compared to the virtual server host, which is capable of running a plurality of virtual servers.
  • Cloud computing has been flourishing as a recent trend.
  • The cloud reduces operational and management costs and meets increasing dependence on information systems by aggregating and integratively managing a large number of servers in the cloud on a platform using virtualization.
  • A characteristic feature of the cloud is that it reinforces multi-tenant user management.
  • A tenant associates resources and/or a service menu provided by the cloud with each specific user group and/or organization.
  • A plurality of tenants share one cloud infrastructure, thereby making it possible to increase the utilization efficiency of the entire platform.
  • A mechanism for safeguarding security is essential so that illegal access to the resources of a tenant by another tenant is inhibited.
  • Security is ensured for each tenant by user authentication and network segmentation.
  • A management apparatus for configuring network policy is disposed on the network, and controls the authorization/non-authorization of communications between servers in accordance with the tenants, users, and virtual server applications.
  • A network configuration management apparatus like this must be capable of being flexibly created and changed in accordance with tenant and virtual server demands, and is realized as a virtual server called a network appliance.
  • Another requirement from the standpoint of performance is a mechanism that ensures stable operation without being affected by the operating state of a business system operating on another tenant. It is common to try to realize stable operations in a virtual server environment using load balancing that makes use of online virtual server migration, and by prioritizing control of the communications of each virtual server.
  • PTL 1 discloses a router configuration method and system for distributing a communication load over a network. In accordance with this system, it is possible to utilize a plurality of network routes in parallel, and to make effective and practical use of network resources.
  • PTL 2 discloses a method of efficiently managing the configuration in a multi-tenant environment.
  • The prior art does not disclose a technology that provides a network resource management method in a case where a non-virtual server and a virtual server that runs on a virtual server host coexist in the same tenant. This is because, in the past, the very concept of connecting a non-virtual server to the same tenant network as one configured from virtual servers, for the purpose of stabilizing performance for a portion of a workload, did not exist.
  • An object of the present invention is to construct an information system in which performance and costs are optimized in accordance with user requirements while operating a non-virtual server and a virtual server on the same tenant and ensuring independence from the perspectives of security and performance.
  • A management computer is connected to: a first physical server on which a virtual switch that controls a plurality of virtual instances (virtual servers) and a network between these virtual instances are operated; a second physical server on which a physical instance runs; and a physical switch to which the first physical server and the second physical server are connected, and which controls a network between the first physical server and the second physical server.
  • The management computer comprises virtual switch management information that shows a correlation between each of the plurality of virtual instances and an internal network to which the virtual instances connect, and physical switch management information that shows a correlation between the physical instances and an internal network to which the physical instances connect.
  • The management computer, upon receiving a first instance creation request for creating a first virtual instance that connects to the same internal network as the physical instance, creates the first virtual instance on the first physical server, refers to the physical switch management information, identifies a first internal network to which the physical instance connects, and configures the virtual switch and the physical switch so that the first virtual instance connects to the first internal network.
  • According to the present invention, it is possible to operate a plurality of tenants on the same physical hardware while providing each user with a secure tenant. It is also possible to construct an information system in which performance and costs are optimized in accordance with user requirements while operating a non-virtual server and a virtual server on the same tenant and ensuring independence from the perspectives of security and performance.
  • Processes with low performance requirements can be properly aggregated in a small number of physical apparatuses using server virtualization, and processes with high performance requirements can be stably operated using the non-virtual server in accordance with the processing requirements at the time for a large number of business systems being used by users while ensuring the security of other tenants.
  • FIG. 1 shows the overall configuration of a computer system in an example of the present invention.
  • FIG. 2 shows the physical configuration of the computer system in an example of the present invention.
  • FIG. 3 shows the logical configuration of the computer system in an example of the present invention.
  • FIG. 4 shows the network configuration of the computer system in a first example of the present invention.
  • FIG. 5(a) shows a VLAN ID management table in the first example of the present invention.
  • FIG. 5(b) shows the VLAN ID management table in the first example of the present invention.
  • FIG. 6 shows a processing flow in the first example of the present invention.
  • FIG. 7 shows the network configuration of the computer system in a second example of the present invention.
  • FIG. 8 shows a concept of DHCP server-based network routing in the second example of the present invention.
  • FIG. 9 shows a network address management table in the second example of the present invention.
  • FIG. 10 shows in detail a management computer in the second example of the present invention.
  • FIG. 11 shows a processing flow in the second example of the present invention.
  • FIG. 12 shows groups of element management tables in the second example of the present invention.
  • FIG. 13 shows the relationship of management tables involved in VLAN ID management in the second example of the present invention.
  • FIG. 14 shows a concept of OS image management-based network routing in a third example of the present invention.
  • FIG. 15(a) shows a concept of an external access load distribution method in a fourth example of the present invention.
  • FIG. 15(b) shows a VLAN ID management table in the first example of the present invention.
  • A system for dynamically configuring a common network is provided in order to allow a non-virtual server to also exist and be used in a cloud environment configured from a virtual server.
  • Procedures for creating virtual and non-virtual servers, and network configuration procedures performed as a part of the configuration procedures thereof, will be described below.
  • FIG. 1 shows an overall image of a computer system in this example.
  • A user who receives a server application-based service uses a client computer 70.
  • Client computers 70 are physically connected via a local area network (LAN) 300 and a wide area network (WAN) 302 so as to be able to communicate with one or more physical servers 10 and 20.
  • A physical gateway 500 is interposed on the boundary between the internal network and the external network, performs various processing for communications data that flows to this physical gateway 500, and controls communications.
  • The configuration of the gateway and the functions possessed by the gateway will be explained in detail later.
  • FIG. 1 shows a simple configuration, but as needed, the gateway may be multistage, and the WAN 302 may be a LAN.
  • The WAN and/or the LAN may be either physically or logically segmented into a plurality of networks.
  • A management computer and a management interface for various other apparatuses are connected to one another via a management LAN 301.
  • The one or more physical servers 10 and 20 are each connected to the storage apparatus 100 via a storage area network (SAN) 51.
  • FIG. 2 shows more detailed physical and logical configurations of the apparatuses connected to the internal network.
  • The internal network 300 in FIG. 1 is represented as a network 61 in FIG. 2.
  • At least one or more of a first physical server 10, a second physical server 20, the storage apparatus 100, and the management computer 200 are physically connected to the network 61.
  • One or more gateways 500 are connected to the boundary of the network 61 and a network 66.
  • The network 66 in FIG. 2 corresponds to the external network 302 in FIG. 1.
  • The first physical server 10 is provided with a CPU 11, a memory 12, a fibre channel interface (FC IF) 15, and an Ethernet (hereinafter registered trademark) interface (Ether IF) 16.
  • At the least an OS 13a is stored in the memory 12, and in accordance with arithmetic processing by the CPU 11 provides processing resources to an application 13b operating on the physical server 10.
  • The physical server 10 may be called either a non-virtual server or a bare metal server.
  • The FC IF 15 is for carrying out communications with another apparatus via a network 51, and is used mainly for the purpose of connecting a storage resource.
  • A communication standard other than the fibre channel may be used as long as it is an interconnection technique that achieves the same purpose, and a plurality of interfaces may be physically provided or the interface may be logically divided into a plurality of interfaces in accordance with the application.
  • The Ether IF 16 is for carrying out communications with other apparatuses via a network 60, and is used for the purpose of communicating with other physical servers 10, 20, and the management computer 200.
  • This interface may be based on a communication standard other than Ethernet as long as it is an interconnection technique that achieves the same purpose, and a plurality of interfaces may be physically provided or the interface may be logically divided into a plurality of interfaces in accordance with the application.
  • The second physical server 20 is provided with a CPU 21, a memory 22, an FC IF 25, and an Ether IF 26.
  • At the least an OS 23a and a virtualization program 23b are stored in the memory 22, and in accordance with the arithmetic processing of the CPU 21, partition the physical resources of the physical server 20 into one or more virtual resource areas and provide same to another OS or application 23c.
  • The virtualization program 23b does not necessarily have to be separate from the OS 23a, and as long as a function for partitioning the physical server 20 into virtual resource areas is provided, may be implemented as one of the modules inside the OS 23a, or may be implemented as the OS 23a itself.
  • The virtualization program 23b is generally called a virtual machine monitor (VMM) or a hypervisor, and in the following explanation these terms refer to the same thing.
  • A portion of the physical server 20 hardware is extracted as a closed resource area using a virtualization program 23b function.
  • This resource area comprises the hardware of a single logical server called a virtual machine, and the second physical server 20 may be called a virtual machine host. Details concerning the FC IF 25 and the Ether IF 26 are the same as the case of the first physical server 10.
  • The network 51 is for mutually connecting the one or more storage apparatuses 100 to the one or more physical servers 10 and 20. This makes it possible for the physical servers 10, 20 to communicate with the storage apparatuses 100, and to provide the necessary storage resources when the applications 13b, 23c are operating.
  • One or more fibre channel switches (FC SW) 50 may be disposed on the network 51.
  • The FC SW 50 is configured by the management computer 200 via the network 61 to which an Ether IF 56 is connected.
  • The network 61 is used mainly for the following three purposes.
  • A first purpose is to provide service communications between the client computer 70 and the physical servers 10 and 20.
  • The physical server 10 receives a processing request and/or processing-target data from the client computer 70, and sends data that was either processed or created by the application 13b to the client computer 70 once again.
  • A second purpose is to change the configurations of the physical servers 10 and 20 involved in the service communications. For example, a new application 23c may be launched on the physical server 20, or a resource area called a virtual server may be created on the virtualization program 23b.
  • A third purpose is to change the configuration of the data network 51 between the physical servers 10, 20 and the storage apparatus 100.
  • This makes it possible to utilize storage resources by creating a storage resource unit called a volume, and configuring a logical communication channel with a physical server through a storage controller 150 of the storage apparatus 100.
  • The storage apparatus 100 is formed by integrating a plurality of physical storage devices 101, is provided with a storage controller 150 that controls the apparatus in a centralized manner, and provides a storage resource for storing data to another apparatus, such as a physical server.
  • A nonvolatile storage device called a hard disk drive (HDD) or a solid state drive, for example, is used as a physical storage device 101.
  • The storage controller 150 is provided with a CPU 151, a memory 152, a cache 154, an FC IF 155, an Ether IF 156, and a serial advanced technology attachment interface (SATA IF) 157.
  • A response program 153a that responds to a read/write request, and a storage control program 153b that controls an apparatus logical configuration are stored in the memory 152, and the functions of the storage apparatus 100 are realized in accordance with arithmetic processing by the CPU 151.
  • The cache 154 is used mainly for improving a response performance of a storage resource with respect to a physical server read/write request.
  • The FC IF is for carrying out communications with another apparatus via the network 51, and is used mainly for the purpose of connecting to the physical servers 10, 20.
  • A communication standard other than the fibre channel may be used as long as it is an interconnection technique that achieves the same purpose, and there may be a plurality of FC IFs depending on the number of physical servers.
  • The Ether IF 16 is for carrying out communications with another apparatus via a network 60, and is used mainly for the purpose of connecting to the management computer 200.
  • The management computer 200 is provided with a CPU 201, a memory 202, and an Ether IF 206, and functions mainly to change the configuration of another apparatus. At least an OS 203a that controls the management computer hardware, and a management program 203b are stored in the memory 202, and the functions of the management computer 200 are realized in accordance with the arithmetic processing of the CPU 201. A plurality of management programs 203b may be operated in accordance with the application so long as these programs do not exceed the processing capabilities allowed by the management computer 200. The management program 203b will be described in detail below.
  • The Ether IF 206 is for carrying out communications with another apparatus via the network 60.
  • One or more physical gateways 500 exist on the boundaries of the internal network 61 and the external network 66, and function to apply a specific policy to communication data that passes through the gateway and/or communication data that flows inside the internal network.
  • The gateway in this example is generally called a router, and, for example, implements either one or a plurality of functions, such as a layer 3 router, a firewall, network address translation (NAT), a proxy, a reverse proxy, a VPN router, and port forwarding.
  • The physical gateway 500 has a CPU 501, a memory 502, and an Ether IF 506, the same as the physical servers 10 and 20 and the management computer 200.
  • An OS 503a and either one or a plurality of network control programs 503b reside in the memory 502, and the functions of the physical gateway 500 are realized in accordance with the arithmetic processing of the CPU 501. Furthermore, the physical gateway 500 possesses at least a plurality of Ether IFs 506, and these interfaces can be logically categorized as an internal network 61-side first interface 506a and an external network 66-side interface 506b. The functions realized by the network control program 503b will be described in detail below.
  • The network 66 is an external network as viewed from the physical servers 10 and 20, the management computer 200, and the storage apparatus 100. Although not shown in FIG. 2, there may be a gateway external to the network 66. Also, the network 66 may be configured via an Ether SW 65.
  • The computer system in this example provides functions for managing the configuration of virtual server and non-virtual server resources.
  • The configuration and functions of the system will be explained below by giving an example of a configuration procedure when creating a virtual server and a non-virtual server.
  • A server that is created in accordance with a user request and provides an information service to a client is called an instance; a virtual server is called a virtual instance, and a non-virtual server is called a physical instance.
  • FIG. 3 shows the system configuration for controlling resources allocated to an instance in this example.
  • An end user accesses the management computer 200 using a management client 73b on the client computer 70.
  • The management computer 200 is connected to the client computer 70 via a management network 302b, and receives an instance creation request transmitted by the management client 73b in an integrated services managing unit 204a, which is a kind of management program 203b (or a configuration element).
  • The integrated services managing unit 204a controls in a coordinated manner the apparatus managing units (a server managing unit 204b, a network managing unit 204c, and a storage managing unit 204b) that manage the configurations of the respective apparatuses, and carries out the work of creating an instance.
  • An instance is created using the following procedure.
  • The integrated services managing unit 204a issues a volume creation request to the storage managing unit 204d.
  • The storage managing unit 204d reserves storage resources inside the storage apparatus 100 in a logical unit called a volume. In a case where an appropriate volume already exists, this volume creation procedure is omitted.
  • The volume is recognized by a server apparatus as a nonvolatile storage device, such as a disk drive, for example.
  • The storage managing unit 204d responds to the integrated services managing unit 204a with a volume status, and the identifier of the FC IF 155 capable of being used by the volume.
  • The integrated services managing unit 204a selects a physical server for creating the instance in conjunction with the volume creation procedure.
  • When a virtual instance is requested, the physical server 20, which meets the configuration requirements of the hypervisor, is selected, and when a physical instance is requested, the physical server 10, which meets the configuration requirements of the instance, is selected.
  • The integrated services managing unit 204a uses the network managing unit 204c to configure a communication path on the FC SW 50. This configuration is necessary because the FC SW 50 controls communication-enabled fibre channel ports using a technique called zoning. This makes it possible for the port 52 of the selected physical server 10 or 20 to communicate with the port 52 of the storage apparatus 100.
  • The integrated services managing unit 204a uses the storage managing unit 204d to configure an access control function, such as host storage domain or LUN security.
  • The integrated services managing unit 204a boots up an installer of either OS 13d or 23d through the server managing unit via which the volume is recognized as a disk device from the physical server, and implements a permanent OS environment 13a on the disk drive.
  • Ordinary network installation technology that uses a PXE server or a TFTP server, for example, can be used to transfer the installer.
  • The integrated services managing unit 204a installs middleware and/or the application 23c.
  • As another method for implementing a new OS environment in a storage device like this, there is a method that replicates an OS environment that has already been set up, and this will be described in detail below.
  • In the case of a physical instance 14, the instance 14 is configured so that a volume 160 inside the storage apparatus 100 connects to the OS 13a and data used by an application 13b can be stored.
  • The server managing unit 204b uses a hypervisor 23b to create a file called a virtual disk 161 inside the volume 160, and connects the virtual disk 161 to a guest OS 23d of the virtual instance 24. It is recognized from the guest OS 23d of the virtual instance 24 as if a virtual disk drive 162 provided by the virtual disk 161 has been connected.
  • The configurations of the virtual disk 161 and the virtual instance 24 are directly controlled by the hypervisor 23b.
  • The integrated services managing unit 204a uses the network managing unit 204c to configure an Ether SW 61 and/or an Ether IF for connecting to the internal network 300, and also configures a gateway 500 for connecting to the external network 302a. Details will be explained below in conjunction with a tenant network configuration method.
  • Information regarding the state of an instance is provided to the management client 73b by the integrated services managing unit 204a, and presented to the user.
  • The user uses a desired service client 73a to utilize the information services of the respective instances via the service network 302a.
  • The user can use the management client 73b to change the configuration of an instance as needed.
  • The function for changing the configuration of an instance is the same as the case of instance creation described hereinabove in that this change is realized in accordance with the integrated services managing unit 204a and the respective apparatus management units.
  • The integrated services managing unit 204a uses a combination of configuration changing functions provided by the respective apparatus managing units to implement an instance configuration change required by the user.
  • One object of the present invention is to use either a virtual instance or a physical instance properly in accordance with application requirements and a user request.
  • A private network that bridges the virtual instance and the physical instance has to be configured to enable mutual communications.
  • The most common method of configuring a private network is to use a (Layer 2) VLAN and a (Layer 3) router.
  • Control of the range of network communicability can be realized using layer 2 or layer 3 network configuration, and can also be realized via other layers, but the method described in the present paragraph is widely used for constructing a flexible private network in accordance with a user request while ensuring security. That is, it is a method for configuring, on an internal network for which performance is required but there is no need to strengthen security, a network with assured layer 2 connectivity as a single layer 3 segment, and utilizing layer 3 routing control in external network communications with another segment that requires application-linked high-level security management.
  • A VLAN ID is assigned to one private network, which is independent from another private network at the layer 2 level.
  • To interconnect the different private networks, communication is performed via the layer 3 router using an IP address.
  • The private network that bridges the virtual instance and the physical instance constitutes layer 2 transmission, and, for example, configuration management that uses DHCP or some other such broadcast can be utilized.
  • The present description describes a method for configuring a layer 2 network on Ethernet switches.
  • FIG. 4 shows an example of the configuration of a private network.
  • VLAN is a technique for logically multiplexing a single physical network apparatus that configures a LAN in accordance with an identifier called a VLAN ID that is assigned to a packet.
  • The VLAN ID can be configured and released on a switch apparatus and host Ether interface, but in an environment in which a plurality of hosts are created at arbitrary times like that targeted by the present invention, control may be deemed to be performed using switches alone.
  • The reason for not using a method of control that utilizes an Ether interface is that, according to this method, an Ether interface VLAN configuration most likely will not be possible until after the OS boots up, resulting in operations prior to OS boot-up becoming temporarily uncontrollable.
  • The configurations of all the apparatuses are controlled by the management computer 200.
  • Each physical switch 60b, and the virtual switches 406 and 412 which are implemented by the hypervisor on the virtual machine hosts 400 and 401, conform to VLAN, and provide layer 2 (datalink layer) connectivity spanning a plurality of switches by assigning the same VLAN ID.
  • A layer 2 network is segmented by assigning different VLAN IDs.
  • A virtual Ether IF 405 of a virtual instance 403 is connected to a network with a VLAN ID of 10, and is able to communicate with a virtual instance 410 (on a different virtual machine host) that is connected to a network with the same VLAN ID of 10.
  • The virtual Ether IF 405 is unable to communicate with a virtual instance 402 (on the same virtual machine host) that is connected to a network with a VLAN ID of 1, which is different from the virtual instance 403.
  • The physical switch 60b configuration could be a configuration (trunk all) that allows all VLAN IDs for all ports.
  • The internal network is configured using a port-based VLAN. More specifically, on the physical switch 60b, a port-based VLAN attribute (access mode) is assigned to port 415 to which the bare metal host is connected. This makes it possible for only ports that have the same VLAN ID to communicate. These port-based VLAN configurations are implemented by the network managing unit 204b.
  • Both the virtual instance and the physical instance must be connected to the same VLAN to communicate with one another.
  • If the VLAN ID is the same, layer 2 connectivity is assured, and in the example of FIG. 4, the Ether IF 16a of the physical instance and the Ether IF 404 of the virtual instance communicate with one another via the internal network 413 with a VLAN ID of 1.
  • The port-based VLAN attribute is assigned to the port 415 at this time, but a tagged VLAN attribute must be assigned to the port 416, and only VLAN IDs of 1 and 10 can be allowed. This is because the data sent and received by the two virtual instances 402 and 403 is multiplexed in the port 416 to the virtual machine host 400.
  • the physical switch configuration which could have been trunk all in the past, must be appropriately controlled in accordance with the location of the instance.
  • the physical switch configurations and the virtual switch configurations are respectively implemented by the network managing unit 204 b and the server managing unit 204 c of different management systems, a new scheme is needed to achieve matching therebetween.
  • the integrated services managing unit 204 a provides a configuration management method that configures VLANs on a virtual switch and a physical switch so that there are no mismatches. More specifically, the configuration information of both the network managing unit 204 b , which has a physical switch VLAN ID management table 218 for managing the physical switch VLAN configuration, and the server managing unit 204 c , which has a virtual switch VLAN ID management table 219 for managing the virtual switch VLAN configuration, is referenced and configured.
  • FIG. 5( a ) shows the physical switch VLAN ID management table 218 .
  • This table stores a host ID 218 a , a switch ID 218 b , a port ID 218 c , a port attribute 218 d , and a VLAN ID 218 e .
  • This table preserves the port attribute configuration of the physical switch. For example, a second record shows that port #03 on switch SW 01 is a trunk port connected to VLAN IDs 1 and 10. When a plurality of physical switches are cascade-connected, the switch ID is preserved in the host ID field 218 a instead of that of the host.
  • FIG. 5( b ) shows the virtual switch VLAN ID management table 219 .
  • This table stores an instance ID 219 c , a switch ID 219 d , a port ID 219 e , and a VLAN ID 219 b .
  • This table preserves the port attribute configuration of the virtual switch in the same manner as the physical switch VLAN ID management table 218 .
  • These VLAN ID management tables reside on the management computer 200 , and are applied to physical switching apparatuses and virtual switches on virtual machine hosts in accordance with various management program configurations.
  • a characteristic network configuration of the present invention is illustrated in a processing flow shown in FIG. 6 .
  • a detailed description of the integrated services managing unit will be provided below, and the procedures for configuring a network using a VLAN will be described in detail here.
  • the purpose of this processing flow is to take advantage of the creation of a new instance to configure a private network that interconnects instances in an environment where a virtual instance and a physical instance coexist.
  • the processing flow in this example targets a procedure for adding an instance, and assumes that any of one or more existing instances are operating on the same VLAN.
  • a VLAN ID that is not in either VLAN ID management table should be reserved and the configuration should be implemented in the same manner as below.
  • the integrated services managing unit 204 a authenticates the user authorization, and the procedure for creating the aforementioned instance on an existing private network commences.
  • the user specifies existing instances between which mutual connections are desired and performs an add request for a new instance.
  • When the procedure for creating the aforementioned instance is complete in Step 600, then in Step 601 the instance is temporarily shut down, and processing moves to a procedure for configuring a private network.
  • In Step 602, processing branches in accordance with the type of instance.
  • processing advances to Step 603 , where processing branches once again in accordance with whether a virtual instance or a physical instance is connected to the specified existing private network.
  • When it has been determined in Step 603 that a virtual instance is connected to the private network, processing advances to Step 604.
  • the integrated services managing unit 204 a refers to the virtual switch VLAN ID management table 219 , and identifies the virtual switch VLAN ID from the specified virtual instance ID.
  • the processing branches from Step 603 to Step 605 .
  • the integrated services managing unit 204 a refers to the physical switch VLAN ID management table 218 and identifies the physical switch VLAN ID from the specified physical instance ID (host ID).
  • all the required VLAN configurations are implemented by tracing the switch IDs preserved in the host ID field 218 a.
  • the VLAN ID specified in the previous step is configured on the port of the physical switch in Step 606 . Furthermore, since the port is connected to a newly added bare metal host at this time, a port-based VLAN attribute is configured.
  • The processing flow from the aforementioned Step 602 to Step 606, for example, applies to the case in FIG. 4 where the physical instance 14 is created anew to be interconnected with the virtual instance 402.
  • the integrated services managing unit 204 a on the basis of the instance ID of the virtual instance 402 , refers to the virtual switch VLAN ID management table 219 and identifies the VLAN ID 407 of the virtual switch 406 to which the instance 402 is connected.
  • the integrated services managing unit 204 a assigns the same VLAN ID 418 to the port 415 to which the newly created physical instance 14 is connected.
  • the connectivity between the existing virtual instance 402 and the new physical instance 14 is established based on a VLAN ID of 1.
  • In Step 608, the integrated services managing unit 204 a refers to the VLAN ID configuration of the physical switch.
  • In Step 609, the integrated services managing unit 204 a identifies the VLAN ID of the virtual switch to which this virtual instance is connected.
  • Step 610 for configuring the VLAN ID identified in the previous step on the virtual switch
  • Step 611 for configuring the VLAN ID identified in the previous step on the physical switch. Furthermore, in Step 611 , since the virtual machine host is connected to the port of the physical switch, a tagged VLAN attribute is configured.
  • The processing flow from Step 602 to Step 611 applies to the case in FIG. 4 where the virtual instance 403 is created anew to be interconnected with the virtual instance 410.
  • the integrated services managing unit 204 a on the basis of the instance ID of the virtual instance 410 , refers to the virtual switch VLAN ID management table 219 and specifies the VLAN ID 408 of the virtual switch 406 to which the instance 403 is connected.
  • the integrated services managing unit 204 a assigns the same VLAN IDs 408 and 419 to the ports 416 and 417 of the virtual switch 406 and the physical switch 60 b to which the newly created virtual instance 403 is connected.
  • the connectivity between the existing virtual instance 410 and the new virtual instance 403 is established based on a VLAN ID of 10.
  • When the instance is re-booted in Step 612, the instance is operated once again based on the aforementioned private network configuration. Communications using this network configuration are confirmed in the following Step 613 by receiving an ICMP by another instance on the private network to which the same VLAN ID has been assigned, for example.
  • the user is notified to the effect that use of the instance will commence.
  • the user may be notified of a network address together with user account information for accessing the instance.
  • the same VLAN that spans a plurality of physical switches and virtual switches is defined, and private networks on which physical instances and virtual instances coexist are configured. These private networks are logically segmented at the layer 2 level, and security from other private networks is assured.
  • the above-described configuration is realized without making changes to the management tables thereof.
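The FIG. 6 flow (looking up the existing instance's VLAN ID, then configuring an access port for a new bare metal host or a tagged port for a virtual machine host) together with a check that tables 218 and 219 do not mismatch, written in Python as an added example that is not code from the patent. All host, switch, port and instance IDs are constructed sample values, and the `host_of` mapping from virtual instance to virtual machine host is an assumption used to locate the uplink port.

```python
from dataclasses import dataclass


@dataclass
class PhysPort:            # one row of physical switch VLAN ID management table 218
    host_id: str           # 218a
    switch_id: str         # 218b
    port_id: str           # 218c
    attribute: str         # 218d: "access" (port-based) or "trunk" (tagged)
    vlan_ids: set          # 218e


@dataclass
class VirtPort:            # one row of virtual switch VLAN ID management table 219
    instance_id: str       # 219c
    switch_id: str         # 219d
    port_id: str           # 219e
    vlan_id: int           # 219b


def build_sample_tables():
    """Constructed sample state loosely modelled on FIG. 4 (all IDs are made up)."""
    t218 = [PhysPort("BM14", "SW01", "#01", "access", set()),   # new bare metal host
            PhysPort("H400", "SW01", "#03", "trunk", {1}),      # VM host uplink
            PhysPort("H401", "SW01", "#04", "trunk", {10})]     # VM host uplink
    t219 = [VirtPort("vm402", "vSW406", "p1", 1),
            VirtPort("vm410", "vSW412", "p1", 10)]
    host_of = {"vm402": "H400", "vm410": "H401"}   # assumption: instance -> VM host
    return t218, t219, host_of


def lookup_vlan(peer_id, t218, t219):
    """Find the VLAN ID of the existing instance the new one must reach."""
    for row in t219:                       # peer is a virtual instance (table 219)
        if row.instance_id == peer_id:
            return row.vlan_id
    for row in t218:                       # peer is a physical instance (host ID, table 218)
        if row.host_id == peer_id and row.attribute == "access" and len(row.vlan_ids) == 1:
            return next(iter(row.vlan_ids))
    raise LookupError(f"{peer_id} is not connected to a known private network")


def port_of(host_id, t218):
    for row in t218:
        if row.host_id == host_id:
            return row
    raise LookupError(f"no physical switch port registered for host {host_id}")


def add_physical_instance(host_id, peer_id, t218, t219):
    """New bare metal host: its switch port becomes a port-based (access) VLAN port."""
    vlan = lookup_vlan(peer_id, t218, t219)
    port = port_of(host_id, t218)
    port.attribute, port.vlan_ids = "access", {vlan}
    return vlan


def add_virtual_instance(instance_id, vm_host, vswitch, vport, peer_id, t218, t219, host_of):
    """New VM: configure the virtual switch, then tag the VLAN on the host's uplink."""
    vlan = lookup_vlan(peer_id, t218, t219)
    uplink = port_of(vm_host, t218)        # fail before touching either table
    t219.append(VirtPort(instance_id, vswitch, vport, vlan))
    host_of[instance_id] = vm_host
    uplink.attribute = "trunk"
    uplink.vlan_ids.add(vlan)              # allow only what is needed, never "trunk all"
    return vlan


def find_mismatches(t218, t219, host_of):
    """Report physical/virtual VLAN drift that would break or weaken segmentation."""
    problems, needed = [], {}
    for v in t219:                         # VLAN IDs each VM host must carry
        needed.setdefault(host_of[v.instance_id], set()).add(v.vlan_id)
    for p in t218:
        where = f"{p.switch_id} port {p.port_id}"
        if p.attribute == "access" and len(p.vlan_ids) != 1:
            problems.append(f"{where}: access port must carry exactly one VLAN ID")
        want = needed.get(p.host_id)
        if want is None:                   # not a VM host uplink
            continue
        if p.attribute != "trunk":
            problems.append(f"{where}: VM host port is not a tagged VLAN port")
        for vid in sorted(want - p.vlan_ids):
            problems.append(f"{where}: VLAN {vid} used on virtual switch but not allowed")
        for vid in sorted(p.vlan_ids - want):
            problems.append(f"{where}: VLAN {vid} allowed but unused by any instance")
    return problems


if __name__ == "__main__":
    t218, t219, host_of = build_sample_tables()
    print(add_physical_instance("BM14", "vm402", t218, t219))
    print(add_virtual_instance("vm403", "H400", "vSW406", "p2", "vm410", t218, t219, host_of))
    print(find_mismatches(t218, t219, host_of))
```

Running `find_mismatches` after every change to either table catches both a VLAN that the virtual switch uses but the uplink drops, and a VLAN the uplink still allows although no instance on that host needs it.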
  • a system that dynamically configures tenant networks in which virtual servers and non-virtual servers coexist in a cloud environment.
  • the system can be operated on the basis of network control policies configured for each tenant.
  • One object of the computer system described in this example is to control the feasibility of access to resources and applications for carrying out processing in accordance with the duties of a user and the authorization of an organization or the like to which the user belongs. This makes it possible to operate a desired business system without one's data being illegally accessed by another user, and/or having performance affected.
  • a gateway has a function for applying a communication policy to communications that flow over a network, and realizes access control therefor.
  • gateway refers to a network protocol converter for layer 4 and above, as well as to a layer 3 router.
  • a network appliance having either one or a plurality of functions for layer 3 and above protocol conversion and policy control, which will be described later, will be called a gateway.
  • a gateway is treated as a type of physical computer. More accurately, a gateway is a network control computer called a network appliance.
  • the configuration thereof is substantially the same as that of another physical server and/or management server, the only difference being the programs in the memory 502 and/or the number of Ether IFs 506 . Therefore, a gateway does not necessarily have to be installed as a physical computer, and may be realized as a type of virtual server.
  • processing that utilizes software in this example may be implemented by using hardware dedicated to executing the same processing.
  • a router/layer 3 switch is a function for performing routing control and/or protocol conversion in the network layer of the OSI reference model.
  • Implementation adopts a scheme for storing the IP addresses of neighboring routers and/or hosts in a destination table, and sending the destination table to a relevant apparatus in accordance with the destination address of a received communications packet. Therefore, processing for referencing destination information of a received packet, processing for deciding a destination in accordance with the referenced information, or processing for regularly updating the destination table are performed, and the processing load increases in accordance with increases in the amount of communications data and/or the number of connected hosts.
  • a function for connecting different data link layers for example, Ethernet and FDDI
  • a dedicated apparatus is often prepared.
  • a virtual router redundancy protocol may also be implemented to increase availability, and, in principle, a plurality of routers may exist.
  • the term “virtual router” may be used for the VRRP, but in this example refers to something that differs from a virtual gateway.
  • NAT network address translation
  • IPv4 global addresses were not prepared in sufficient numbers to be able to be assigned to all local computers.
  • An address is translated on a NAT gateway, which is a relay point, without changing the address of the local computer side to enable transparent communications with devices on the Internet.
  • TCP/IP installation guarantees the consistency of communications by using a combination of a local address and a port number.
  • NAT translates the IP address, but a function, called MAC address translation (MAT) that keeps the IP address the same and translates a MAC address may also be used.
  • a firewall is a function that allows/destroys/rejects a communication passing through a gateway in accordance with layer 3 control information (destination port number) and/or layer 4 protocols.
  • a firewall is mostly used to prevent unauthorized entry to an internal network from an external network for the purpose of increasing security, and it is important that the firewall be able to be flexibly configured in accordance with the applications of the hosts and the characteristics of the users connected to the internal network.
  • the status of a TCP/UDP session may be monitored, and an unauthorized communications packet may be blocked.
  • a proxy is a function mainly for using as a substitute a proxy server, which is able to interpret application layer protocols (for example, HTTP and/or FTP), to selectively carry out communications from an internal network to the outside world.
  • a proxy is introduced for the purpose of strengthening security, balancing loads, caching, and so forth. Since a different server responds on behalf of a specified communication partner, a proxy differs from NAT in that, because the address differs from that of the communication-requesting host, it is not transparent.
  • a proxy is provided with advanced functions for providing control at the application layer, such as redirecting the web browsing of a specific URL, but on the other hand, processing costs are high compared to a firewall that simply monitors port numbers and/or destination IP addresses.
  • a function that controls communications in the opposite direction, that is, communications from an external network to an internal network, so that these communications pass through a specific server, may be called a reverse proxy, and this function is included in this example.
  • the gateway described in this example assumes functions, such as a VPN router that constitutes the relay point/terminus of a virtual private network (VPN), a remote console gateway for providing a user interface that is remotely operable from an external network, and port forwarding for relaying the communication session of a specific port number destination.
  • a function for controlling a network configuration is also provided.
  • a DHCP server function may be used to dynamically configure an IP address for an instance.
  • the tenant network configuration method will be explained by first describing an ordinary method of configuring a tenant network, and then describing the characteristic configuration method of the present invention.
  • a tenant network is used to ensure the resource security and processing performance of each tenant made up of users and/or a user group.
  • the most common method of configuring a private network is use of (Layer 2) VLAN and (Layer 3) routers taking into account network apparatus interchangeability and hypervisor product specifications at the present time.
  • Control of the range of network communicability can be realized using layer 2, or layer 3 network configuration, and can also be realized via other layers, but the method described in the present paragraph is widely used for constructing a flexible private network in accordance with a user request while ensuring security. That is, it is a method for configuring, on an internal network for which there is no need to strengthen security, a network with assured layer 2 connectivity as a single layer 3 segment, and utilizing layer 3 routing control in external network communications with another segment that requires application-linked high-level security management. According to this method, the tenant network constitutes layer 2 transmission, and, for example, configuration management that uses a DHCP or some other such broadcast can be utilized. Consequently, the present paragraph describes a method for configuring an ordinary tenant network by constructing a layer 2 network on Ethernet switches, and thereafter performing routing on a layer 3 network.
  • FIG. 7 shows an example of the configuration of a tenant network. A method for configuring a layer 2 network will be explained below using this drawing.
  • the configurations of all the apparatuses, that is, the physical servers 10 and 20 , the physical gateway 500 , and the Ether switches 60 a and 60 b , are managed by the management computer 200 .
  • the physical Ethernet interfaces are connected to the management network 301 and are able to communicate with one another.
  • the physical switches 60 a and 60 b , and a virtual switch 27 which is implemented by the hypervisor on a virtual machine host 20 , conform to VLAN, and provide layer 2 (datalink layer) connectivity by assigning the same VLAN ID.
  • the internal network is configured using port-based VLAN. More specifically, on the physical switch 60 b , a port-based VLAN attribute (access mode) is assigned to ports 62 b , 62 c , 62 d to which the bare metal host is connected. This makes communication possible only between ports having the same VLAN ID, and divides the physical switch 60 b into an internal network 63 a for hosts to communicate with one another, and an external network 63 b for communicating with the outside via a gateway.
  • An internal network 63 a , and an internal network side interface 506 a of the gateway 500 are prepared for each tenant, and, in principle, are only able to be used by the users and resources that belong to this tenant. In other words, the users and resources belonging to this tenant are separated at the layer 2 network level from the physical instance 14 that belongs to another tenant.
  • a tagged VLAN is configured on the virtual switch 27 and on the physical switch 60 b . More specifically, different VLAN IDs are assigned respectively to the internal network 63 a and the external network 63 b on the hypervisor-provided virtual switch 27 . Furthermore, a tagged VLAN attribute (either a trunk mode or a tagging mode) is configured on the virtual host-side port 62 a of the physical switch to allow communication of packets having the aforementioned VLAN ID tag configured on the virtual switch.
  • the trunk mode is configured for the physical switch so as to allow all tagged VLANs to communicate with one another.
  • This makes it possible to create a private network using only the virtual switch 27 configuration on the hypervisor, and there is no need to change the configuration of the physical switch each time. Therefore, in the management infrastructure of an existing virtual server environment, it is common for the physical switch not to have a configuration function.
  • the Ether interface 16 a of the physical instance and the Ether interface 29 of the virtual instance communicate with one another using the layer 2 internal network 63 a with a VLAN ID of 1.
  • a broadcast for example, will reach the physical instance 14 , the virtual instance 24 a , the physical gateway 500 , and the virtual gateway 24 b.
  • a gateway is installed, and connectivity with the external network 63 b is assured.
  • the connection with the gateway is controlled in the layer 3 network configuration.
  • a gateway is specifiable as a default gateway when configuring a network address in each instance. Specification-wise, (the IP address) of only one default gateway can be configured for one instance. Therefore, in an ordinary cloud environment, a virtual gateway 24 b is created for each tenant, and all communications with the external network are configured so as to go through the gateway 24 b . Furthermore, normally a subnet is created within the space of the same VLAN ID under the control of the gateway 24 b .
  • the OS that operates each instance has a routing table as its own network configuration information, and all communications with an address destination that is not in the routing table (an address that is an unknown location on the network and is not a neighboring host) are sent to the default gateway.
  • a desired tenant network can be constructed by configuring the network so that the physical instance connects to an existing virtual instance environment via a layer 2 network and goes through an existing virtual gateway.
  • the virtual gateway constitutes a performance bottleneck.
  • an advantage of being able to flexibly change configuration can be obtained when using a virtual gateway in the same manner as a virtual instance; however, the likelihood of the performance of the virtual gateway being affected by another virtual server cannot be ruled out.
  • a user who uses a physical instance expects stable performance, and it is extremely difficult for this user to put up with a gateway whose network performance fluctuates from one workload to the next.
  • a method of configuring a tenant network that solves the above problems is provided. That is, it is a method that performs layer 3 routing control so that in the configuration shown in FIG. 7 , the virtual instance goes through the virtual gateway, and the physical instance goes through the physical gateway.
  • FIG. 8 shows a conceptual diagram of the configuration method.
  • the virtual instance 24 a and the physical instance 14 both connect to the internal network (LAN) 300 , and also connect to the external network (WAN) 302 a via gateways to provide a service to a client computer 70 .
  • an intercommunication 808 of the virtual instance 24 a and the physical instance 14 is performed within the same subnets connected via layer 2, but an external communication 801 with the virtual instance 24 a is performed via the virtual gateway 24 b , and an external communication 800 with the physical instance 14 is performed via the physical gateway 500 .
  • Both gateway configurations utilize a dynamic host configuration protocol (DHCP) server 802 .
  • the DHCP server 802 is installed on the LAN 300 side of one of gateways.
  • the DHCP server 802 delivers an IP address for use by the virtual instance 24 a , and also responds with the address (192.168.11.1 in the drawing) of the virtual gateway 24 b as a default gateway.
  • the DHCP server 802 responds to an IP address allocation request 807 in the same manner with an address (for example, 192.168.11.2) for the physical gateway 500 as a default gateway.
  • the DHCP server 802 in this example has a network address management table 815 that is shown in FIG. 9 .
  • the DHCP server identifies a DHCP client (in this example, the virtual instance and the physical instance) using a MAC address, and in accordance with a request, responds with a pool-managed IP address and specifies a subnet mask, a DNS server, and a default gateway.
  • a set comprising a MAC address 815 d and an allocation IP address 815 e is managed for an instance 815 a in the same manner.
  • a different gateway 815 f is specified in accordance with an instance type 815 b .
  • Each of these pieces of network configuration information is preserved by the OS of the relevant instance, and more accurately, in a network instance management area. The method for selecting an instance type 815 b and a gateway 815 f will be described later.
  • FIG. 10 shows a detailed configuration of a management program 203 b of the management computer 200 .
  • the above-described integrated services managing unit 204 a further comprises: a user request managing unit 211 for receiving a request from a management client 73 b ; an instance management table 212 for managing instance configuration information; an OS image library 213 for preserving an OS image to be introduced into an instance; an element managing unit 214 for managing the configurations of a group of apparatuses in the system; a gateway managing unit 217 for managing the configuration of a gateway; and a service orchestrator 210 that activates the same in a coordinated manner.
  • the respective apparatus managing units (the server managing unit 204 b , the network managing unit 204 c , and the storage managing unit 204 d ) subordinate to the integrated services managing unit 204 a are mainly controlled under the element managing unit 214 .
  • the element managing unit 214 is provided with an element management table group 215 that aggregates all apparatus configurations, and a comprehensive VLAN ID management table 216 that aggregates the VLAN IDs configured on network switches.
  • FIG. 11 shows a processing flow for configuring a tenant network accompanied by instance creation in this example.
  • the user request managing unit 211 of the integrated services managing unit 204 a authenticates the user authorization, and the above-described procedure for creating an instance commences.
  • An apparatus configuration is managed in the element management table group 215 shown in FIG. 12 .
  • the element management table group 215 is made up of management tables replicated from the apparatus managing units, for example, a server management table 820 for managing the configuration of a server apparatus, a physical switch management table 821 , and so forth. By examining the element management table group 215 , it is possible to ascertain the operating condition of an apparatus, and/or connection relationships and other such configurations.
  • association information 215 a created when an apparatus was registered in the management computer is included in the element management table group 215 , making it possible to learn, for example, which instance 820 d of which server 820 a is connected to the physical port 821 c of which switch 821 a .
  • the free capacity of the resources is acquired from each apparatus managing unit on the basis of the element management table group 215 , and a creation-destination apparatus determination is made.
  • When the above-described procedure for creating an instance is complete in Step 900, the instance is temporarily shut down in Step 901, and processing moves to the procedures for configuring the tenant network.
  • a VLAN ID is determined in accordance with a user request.
  • the association of a tenant and a VLAN ID is managed in the comprehensive VLAN ID management table 216 .
  • FIG. 13 shows this table in detail.
  • the network managing unit 204 c aggregates the information of the physical switch VLAN ID management table 218 and the virtual switch VLAN ID management table 219 without mismatches.
  • there is also a method for respectively preserving only the management tables for the virtual/physical switches, but VLAN-based logical network segmentation can be appropriately configured even using a method for separately holding an aggregated management table like the comprehensive VLAN ID management table.
  • the virtual switch is one of the functions implemented by the hypervisor, and the management information thereof is preserved in the server managing unit 204 b .
  • the VLAN ID 216 b of the tenant ID 216 a specified by the user is referenced.
  • a new tenant ID 216 a and VLAN ID 216 b are reserved and added to the comprehensive VLAN ID management table 216 .
  • In Step 903, the processing branches in accordance with whether the user request is a physical instance or a virtual instance.
  • a physical switch VLAN is configured. More specifically, a determination is made as to whether or not the relevant VLAN ID 218 e can be configured in the physical switch VLAN ID management table 218 (whether it duplicates another ID, or is within a configurable range from the standpoint of apparatus specifications), and the port attribute 218 d corresponding to the physical server (host) ID 218 a is configured to the access mode (port-based VLAN attribute).
  • usable physical gateway information is acquired from the gateway managing unit 217 specifying the instance gateway.
  • the gateway managing unit 217 preserves the internal network-side IP address of at least this gateway for specifying the physical gateway 500 .
  • an appropriate physical gateway for constructing a physical connection relationship does not exist, either the processing is terminated, or a new physical gateway is created using the same method as the method for creating a physical instance.
  • the same physical gateway is also configured for the DHCP server. More specifically, created instance information, the MAC address 815 d therefor, and a gateway IP address are registered in the network address management table 815 .
  • In Step 906, first a virtual switch VLAN is configured. More specifically, a determination is made as to whether or not the VLAN ID 219 b can be configured in the virtual switch VLAN ID management table 219 , and a VLAN ID 219 b that corresponds to the tenant ID 219 a and the instance ID 219 c is configured. Next, in Step 907 , the corresponding physical switch VLAN ID management table 218 is edited.
  • In Step 905, usable virtual gateway information is acquired from the gateway managing unit 217 specifying the instance gateway.
  • the gateway managing unit 217 preserves the internal network-side IP address of at least this gateway for specifying the virtual gateway 24 b .
  • an appropriate virtual gateway for constructing a physical connection relationship cannot be created, either the processing is terminated, or a new virtual gateway is created using the same method as the method for creating a virtual instance.
  • the same virtual gateway is also configured for the DHCP server. More specifically, created instance information, the MAC address 815 d therefor, and a gateway IP address are registered in the network address management table 815 .
  • In Step 909, the instance operates by receiving a network configuration allocation from the DHCP server. Communications via this network configuration are confirmed in the following Step 910 by receiving an ICMP by another instance within the same tenant network, for example.
  • the user is notified by the user request managing unit 211 to the effect that use of the instance will commence. At this time, the user may be notified of a network address together with user account information for accessing the instance.
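The role of the network address management table 815 in this flow (a lease keyed by MAC address whose default gateway depends on the instance type), with an audit of the table, as an added Python example that is not code from the patent. The gateway addresses 192.168.11.1 and 192.168.11.2 are the ones given above; the /24 subnet, the MAC addresses, the instance names and the rule that an unregistered MAC address gets no offer are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Lease:               # one row of network address management table 815
    instance: str          # 815a
    instance_type: str     # 815b: "physical" or "virtual"
    mac: str               # 815d
    ip: str                # 815e
    gateway: str           # 815f


class TenantDhcp:
    def __init__(self, subnet, gateways):
        self.subnet = ipaddress.ip_network(subnet)   # assumption: one subnet per tenant
        self.gateways = dict(gateways)               # instance type -> default gateway
        self.table = {}                              # MAC address -> Lease

    def register(self, instance, instance_type, mac):
        """Record a created instance: its MAC, a pool address and its gateway."""
        mac = mac.lower()
        if instance_type not in self.gateways:
            raise ValueError(f"no gateway defined for instance type {instance_type!r}")
        if mac in self.table:
            raise ValueError(f"MAC address {mac} is already registered")
        used = {l.ip for l in self.table.values()} | set(self.gateways.values())
        ip = next((str(h) for h in self.subnet.hosts() if str(h) not in used), None)
        if ip is None:
            raise RuntimeError("address pool exhausted")
        lease = Lease(instance, instance_type, mac, ip, self.gateways[instance_type])
        self.table[mac] = lease
        return lease

    def offer(self, mac):
        """Answer an allocation request; the client is identified by MAC address."""
        lease = self.table.get(mac.lower())
        if lease is None:
            return None                              # assumption: unknown clients get nothing
        return {"ip": lease.ip,
                "netmask": str(self.subnet.netmask),
                "router": lease.gateway}


def audit(dhcp):
    """Flag leases whose gateway does not match the instance type, or bad addresses."""
    findings, seen = [], {}
    for lease in dhcp.table.values():
        expected = dhcp.gateways.get(lease.instance_type)
        if lease.gateway != expected:
            findings.append(f"{lease.instance}: {lease.instance_type} instance uses "
                            f"gateway {lease.gateway}, expected {expected}")
        if ipaddress.ip_address(lease.ip) not in dhcp.subnet:
            findings.append(f"{lease.instance}: {lease.ip} is outside {dhcp.subnet}")
        if lease.ip in seen:
            findings.append(f"{lease.instance}: {lease.ip} also leased to {seen[lease.ip]}")
        seen[lease.ip] = lease.instance
    return findings


def build_sample_server():
    """Constructed sample: one virtual and one physical instance in one tenant."""
    dhcp = TenantDhcp("192.168.11.0/24",
                      {"virtual": "192.168.11.1", "physical": "192.168.11.2"})
    dhcp.register("instance-24a", "virtual", "52:54:00:00:00:0A")
    dhcp.register("instance-14", "physical", "00:1B:21:00:00:0E")
    return dhcp


if __name__ == "__main__":
    server = build_sample_server()
    print(server.offer("52:54:00:00:00:0a"))
    print(server.offer("00:1b:21:00:00:0e"))
    print(audit(server))
```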
  • a tenant network is configured when a physical instance and a virtual instance have been added in accordance with a service level requested by the user.
  • a physical instance that requires stable performance operates using a stable-performance physical gateway
  • a virtual instance with high resource utilization efficiency operates using a high-efficiency virtual gateway. That is, overall optimization of computational processing resources and storage resources can be realized in accordance with the coexistence of virtual/non-virtual servers, and the overall optimization of network resources can also be realized in accordance with using either one of virtual/physical gateways properly.
  • the distribution ratio for communications with the external network is statically determined in accordance with the instance type requested by the user. Therefore, according to this example, it does not take a long time for proper load balancing to be realized, and the implementation of complex functions and high processing costs are not required as in the prior art-provided scheme for changing the load balancing method by monitoring the communications load.
  • the example focused on a tenant network being configured when an instance is created, but the target of the present invention is not limited thereto.
  • this function is realized by the same system configuration in a case where only a new tenant network is created, and also in a case where a virtual instance and a physical instance are mutually migrated.
  • the above-described tenant network configuration was realized using VLAN and layer 3 routing control, but the configuration of the present invention is not dependent on these technologies. Therefore, this function is realized by the same system configuration even in a case that uses a technique such as VXLAN, for example, which extends the layer 2 VLAN space by using a layer 3 communication to encapsulate a layer 2 communication.
  • this example provides a network configuration method that is not dependent on DHCP.
  • this example has the same system configuration as that of the first example.
  • this example is characterized in that a network configuration that has been customized in accordance with the virtual/physical instance type is maintained in the OS image library 213.
  • the actual master image recorded in the OS image library 213 is stored on the storage apparatus 100.
  • the master image 830 of physical instance 14 is a volume, and at the time the physical instance is created, a disk device 831 for boot-up is created using a copy function of the storage control program 153b.
  • the master image 832 of the virtual instance takes the form of a virtual disk, and a virtual disk 833 for boot-up is created using a copy function of the hypervisor.
  • the network address management table 815 is held on the gateway managing unit 217, and a corresponding network configuration is included in the master image by virtual/physical instance type. More specifically, either a master image is created by using a customized OS image of the network configuration, or an OS initialization file is configured so that the network configuration is read in when the instance is rebooted in Step 909 of FIG. 11.
  • an IP address is statically assigned to a created instance, and a virtual/physical gateway is statically configured in accordance with the virtual/non-virtual server type.
  • a virtual/physical gateway is statically configured in accordance with the virtual/non-virtual server type.
  • a distribution function that takes into account a virtual/physical instance is provided for an access from the external network to the internal network.
  • a method of going through a gateway corresponding to an instance type mainly for an access from the internal network to the external network was described.
  • the performance requirements sought by the user are expressed as the number of physical instances and virtual instances. Therefore, a method of statically specifying a gateway in accordance with the scale of the virtual/physical instances on a tenant is believed to enable the realization of a more concise and effective improvement in performance than implementing complicated monitoring and load balancing functions for coping with unexpected fluctuations in access requests.
  • Two configurations, shown in FIGS. 15(a) and (b), respectively, for distributing accesses from the external network to a physical gateway and a virtual gateway are considered.
  • a first method uses a DNS.
  • a case in which the client computer 70 queries a DNS server 810 to resolve the access destination domain name to an IP address is considered.
  • the weighting as to whether the IP address of a physical gateway (or a physical instance) should be notified as the destination, or the IP address of a virtual gateway (or a virtual instance) should be notified as the destination is adjusted using the DNS server configuration. More specifically, the DNS server evaluates the performance ratios of the virtual and physical gateways or instances using a certain fixed value, and treats the result as a probability for an IP address response.
  • the second method disposes a load balancer 811 in front of the gateways.
  • the weighting as to whether to use the physical gateway (or physical instance) as the destination, or to use the virtual gateway (or virtual instance) as the destination is made proportional to the performance ratio of the gateways or instances.
  • the load balancer either operates as a proxy, or provides transparent access using NAT.
  • accesses from the external network are distributed to the physical gateways and the virtual gateways.
  • An external access distribution ratio is determined statically in accordance with the instance type requested by the user. Therefore, according to this example, it does not take a long time for proper load balancing of a client request to be realized, and the implementation of complex functions and high processing costs are not required as in the prior art-provided scheme for changing the load balancing method by monitoring the communications load.
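Step 906's determination of whether a VLAN ID can be configured for a tenant, and the rule that a physical instance uses a physical gateway while a virtual instance uses a virtual gateway, can be enforced as a check over the management tables. The following is an added example, not code from the patent: the row layouts, the policy that one VLAN ID belongs to at most one tenant, the gateway inventory and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

VLAN_MIN, VLAN_MAX = 1, 4094  # 802.1Q: IDs 0 and 4095 are reserved


@dataclass(frozen=True)
class VlanRow:
    """Row of the virtual switch VLAN ID management table 219."""
    tenant_id: str    # 219a
    vlan_id: int      # 219b
    instance_id: str  # 219c


@dataclass(frozen=True)
class AddressRow:
    """Row of the network address management table 815 (layout assumed)."""
    instance_id: str
    instance_type: str  # "physical" or "virtual"
    mac: str            # 815d
    gateway_ip: str


def can_configure_vlan(table, tenant_id, vlan_id):
    """Step 906 determination: may this VLAN ID be configured for the tenant?"""
    if not VLAN_MIN <= vlan_id <= VLAN_MAX:
        return False, f"VLAN {vlan_id} outside {VLAN_MIN}-{VLAN_MAX}"
    # Assumed isolation policy: a VLAN ID is never shared between tenants.
    others = sorted({r.tenant_id for r in table if r.vlan_id == vlan_id} - {tenant_id})
    if others:
        return False, f"VLAN {vlan_id} already bound to tenant {others[0]}"
    return True, "ok"


def configure_vlan(table, tenant_id, vlan_id, instance_id):
    """Return a new table with the row added, or raise if the check fails."""
    ok, reason = can_configure_vlan(table, tenant_id, vlan_id)
    if not ok:
        raise ValueError(reason)
    row = VlanRow(tenant_id, vlan_id, instance_id)
    return list(table) if row in table else list(table) + [row]


def audit(vlan_table, address_table, gateways):
    """Return findings for rows that break isolation or the static gateway rule.

    gateways maps a gateway IP to "physical" or "virtual" (assumed inventory).
    """
    findings = []
    tenants_by_vlan = defaultdict(set)
    for r in vlan_table:
        tenants_by_vlan[r.vlan_id].add(r.tenant_id)
    for vlan_id, tenants in sorted(tenants_by_vlan.items()):
        if len(tenants) > 1:
            findings.append(f"vlan {vlan_id} shared by tenants {sorted(tenants)}")

    seen_mac = {}
    for a in address_table:
        gw_type = gateways.get(a.gateway_ip)
        if gw_type is None:
            findings.append(f"{a.instance_id}: unknown gateway {a.gateway_ip}")
        elif gw_type != a.instance_type:
            findings.append(
                f"{a.instance_id}: {a.instance_type} instance on {gw_type} gateway")
        mac = a.mac.lower()
        if mac in seen_mac:
            findings.append(
                f"mac {mac} registered for {seen_mac[mac]} and {a.instance_id}")
        else:
            seen_mac[mac] = a.instance_id
    return findings


# Constructed sample tables (not taken from the patent).
SAMPLE_VLANS = [
    VlanRow("tenant-A", 100, "inst-2"),
    VlanRow("tenant-A", 100, "inst-5"),
    VlanRow("tenant-B", 200, "inst-3"),
    VlanRow("tenant-B", 100, "inst-4"),  # VLAN 100 already belongs to tenant-A
]
SAMPLE_GATEWAYS = {"10.0.0.1": "physical", "10.0.0.2": "virtual"}
SAMPLE_ADDRESSES = [
    AddressRow("inst-1", "physical", "02:00:00:00:00:01", "10.0.0.1"),
    AddressRow("inst-2", "virtual", "02:00:00:00:00:02", "10.0.0.2"),
    AddressRow("inst-3", "virtual", "02:00:00:00:00:03", "10.0.0.1"),  # wrong gateway type
    AddressRow("inst-4", "virtual", "02:00:00:00:00:02", "10.0.0.2"),  # duplicate MAC
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_VLANS, SAMPLE_ADDRESSES, SAMPLE_GATEWAYS):
        print(finding)
```

Running `configure_vlan` before every table write keeps a cross-tenant VLAN from being created, while `audit` finds rows that entered the tables by another path.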
US14/766,228 2013-02-25 2013-02-25 Method of managing tenant network configuration in environment where virtual server and non-virtual server coexist Active 2033-03-05 US9575798B2 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2013/054655 WO2014128948A1 (ja) 2013-02-25 2013-02-25 Method of managing tenant network configuration in environment where virtual server and non-virtual server coexist

Publications (2)

Publication Number Publication Date
US20150363221A1 US20150363221A1 (en) 2015-12-17
US9575798B2 true US9575798B2 (en) 2017-02-21

Family

ID=51390771

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/766,228 Active 2033-03-05 US9575798B2 (en) 2013-02-25 2013-02-25 Method of managing tenant network configuration in environment where virtual server and non-virtual server coexist

Country Status (3)

Country Link
US (1) US9575798B2 (ja)
JP (1) JP5953421B2 (ja)
WO (1) WO2014128948A1 (ja)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003023444A (ja) 2001-07-06 2003-01-24 Fujitsu Ltd Dynamic load balancing system using virtual routers
US20050198303A1 (en) * 2004-01-02 2005-09-08 Robert Knauerhase Dynamic virtual machine service provider allocation
US20100115101A1 (en) * 2008-03-07 2010-05-06 Antonio Lain Distributed network connection policy management
US20100223397A1 (en) * 2009-02-27 2010-09-02 Uri Elzur Method and system for virtual machine networking
US20110283017A1 (en) * 2010-05-14 2011-11-17 Microsoft Corporation Interconnecting Members of a Virtual Network
JP2012182605A (ja) 2011-03-01 2012-09-20 Hitachi Ltd Network control system and management server
US20140244847A1 (en) * 2011-08-24 2014-08-28 Alcatel-Lucent Method for managing network resources within a plurality of datacenters

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5164628B2 (ja) * 2008-03-24 2013-03-21 Hitachi, Ltd. Network switch device, server system, and server migration method in server system
JP4780237B2 (ja) * 2010-04-26 2011-09-28 Hitachi, Ltd. Failure recovery method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
International Search Report of PCT/JP2013/054655.
Jiang, Xuxian, and Dongyan Xu. "Soda: A service-on-demand architecture for application service hosting utility platforms." High Performance Distributed Computing, 2003. Proceedings. 12th IEEE International Symposium on. IEEE, 2003. *

US11243953B2 (en) 2018-09-27 2022-02-08 Amazon Technologies, Inc. Mapreduce implementation in an on-demand network code execution system and stream data processing system
US11099917B2 (en) 2018-09-27 2021-08-24 Amazon Technologies, Inc. Efficient state maintenance for execution environments in an on-demand code execution system
US11943093B1 (en) 2018-11-20 2024-03-26 Amazon Technologies, Inc. Network connection recovery after virtual machine transition in an on-demand network code execution system
US10884812B2 (en) 2018-12-13 2021-01-05 Amazon Technologies, Inc. Performance-based hardware emulation in an on-demand network code execution system
US10887382B2 (en) 2018-12-18 2021-01-05 Storage Engine, Inc. Methods, apparatuses and systems for cloud-based disaster recovery
US11252019B2 (en) 2018-12-18 2022-02-15 Storage Engine, Inc. Methods, apparatuses and systems for cloud-based disaster recovery
US11489730B2 (en) 2018-12-18 2022-11-01 Storage Engine, Inc. Methods, apparatuses and systems for configuring a network environment for a server
US11178221B2 (en) 2018-12-18 2021-11-16 Storage Engine, Inc. Methods, apparatuses and systems for cloud-based disaster recovery
US11176002B2 (en) 2018-12-18 2021-11-16 Storage Engine, Inc. Methods, apparatuses and systems for cloud-based disaster recovery
US10983886B2 (en) 2018-12-18 2021-04-20 Storage Engine, Inc. Methods, apparatuses and systems for cloud-based disaster recovery
US10958720B2 (en) 2018-12-18 2021-03-23 Storage Engine, Inc. Methods, apparatuses and systems for cloud based disaster recovery
US11010188B1 (en) 2019-02-05 2021-05-18 Amazon Technologies, Inc. Simulated data object storage using on-demand computation of data objects
US11861386B1 (en) 2019-03-22 2024-01-02 Amazon Technologies, Inc. Application gateways in an on-demand network code execution system
US11714675B2 (en) 2019-06-20 2023-08-01 Amazon Technologies, Inc. Virtualization-based transaction handling in an on-demand network code execution system
US11119809B1 (en) 2019-06-20 2021-09-14 Amazon Technologies, Inc. Virtualization-based transaction handling in an on-demand network code execution system
US11115404B2 (en) 2019-06-28 2021-09-07 Amazon Technologies, Inc. Facilitating service connections in serverless code executions
US11190609B2 (en) 2019-06-28 2021-11-30 Amazon Technologies, Inc. Connection pooling for scalable network services
US11159528B2 (en) 2019-06-28 2021-10-26 Amazon Technologies, Inc. Authentication to network-services using hosted authentication information
US11057348B2 (en) 2019-08-22 2021-07-06 Saudi Arabian Oil Company Method for data center network segmentation
US11055112B2 (en) 2019-09-27 2021-07-06 Amazon Technologies, Inc. Inserting executions of owner-specified code into input/output path of object storage service
US11023416B2 (en) 2019-09-27 2021-06-01 Amazon Technologies, Inc. Data access control system for object storage service based on owner-defined code
US11106477B2 (en) 2019-09-27 2021-08-31 Amazon Technologies, Inc. Execution of owner-specified code during input/output path to object storage service
US11394761B1 (en) 2019-09-27 2022-07-19 Amazon Technologies, Inc. Execution of user-submitted code on a stream of data
US11416628B2 (en) 2019-09-27 2022-08-16 Amazon Technologies, Inc. User-specific data manipulation system for object storage service based on user-submitted code
US11360948B2 (en) 2019-09-27 2022-06-14 Amazon Technologies, Inc. Inserting owner-specified data processing pipelines into input/output path of object storage service
US10996961B2 (en) 2019-09-27 2021-05-04 Amazon Technologies, Inc. On-demand indexing of data in input path of object storage service
US11386230B2 (en) 2019-09-27 2022-07-12 Amazon Technologies, Inc. On-demand code obfuscation of data in input path of object storage service
US11550944B2 (en) 2019-09-27 2023-01-10 Amazon Technologies, Inc. Code execution environment customization system for object storage service
US10908927B1 (en) 2019-09-27 2021-02-02 Amazon Technologies, Inc. On-demand execution of object filter code in output path of object storage service
US11263220B2 (en) 2019-09-27 2022-03-01 Amazon Technologies, Inc. On-demand execution of object transformation code in output path of object storage service
US11860879B2 (en) 2019-09-27 2024-01-02 Amazon Technologies, Inc. On-demand execution of object transformation code in output path of object storage service
US11023311B2 (en) 2019-09-27 2021-06-01 Amazon Technologies, Inc. On-demand code execution in input path of data uploaded to storage service in multiple data portions
US11656892B1 (en) 2019-09-27 2023-05-23 Amazon Technologies, Inc. Sequential execution of user-submitted code and native functions
US11250007B1 (en) 2019-09-27 2022-02-15 Amazon Technologies, Inc. On-demand execution of object combination code in output path of object storage service
US11119826B2 (en) 2019-11-27 2021-09-14 Amazon Technologies, Inc. Serverless call distribution to implement spillover while avoiding cold starts
US10942795B1 (en) 2019-11-27 2021-03-09 Amazon Technologies, Inc. Serverless call distribution to utilize reserved capacity without inhibiting scaling
US11714682B1 (en) 2020-03-03 2023-08-01 Amazon Technologies, Inc. Reclaiming computing resources in an on-demand code execution system
US11188391B1 (en) 2020-03-11 2021-11-30 Amazon Technologies, Inc. Allocating resources to on-demand code executions under scarcity conditions
US11775640B1 (en) 2020-03-30 2023-10-03 Amazon Technologies, Inc. Resource utilization-based malicious task detection in an on-demand code execution system
US11593270B1 (en) 2020-11-25 2023-02-28 Amazon Technologies, Inc. Fast distributed caching using erasure coded object parts
US11550713B1 (en) 2020-11-25 2023-01-10 Amazon Technologies, Inc. Garbage collection in distributed systems using life cycled storage roots
US11388210B1 (en) 2021-06-30 2022-07-12 Amazon Technologies, Inc. Streaming analytics using a serverless compute system
US11968280B1 (en) 2021-11-24 2024-04-23 Amazon Technologies, Inc. Controlling ingestion of streaming data to serverless function executions

Also Published As

Publication number Publication date
JPWO2014128948A1 (ja) 2017-02-02
JP5953421B2 (ja) 2016-07-20
US20150363221A1 (en) 2015-12-17
WO2014128948A1 (ja) 2014-08-28

Similar Documents

Publication Publication Date Title
US9575798B2 (en) Method of managing tenant network configuration in environment where virtual server and non-virtual server coexist
US11252023B2 (en) System and method for application of virtual host channel adapter configuration policies in a high-performance computing environment
US11336716B2 (en) System and method for supporting heterogeneous and asymmetric dual rail fabric configurations in a high performance computing environment
US11888899B2 (en) Flow-based forwarding element configuration
EP3602962B1 (en) System and method to provide multicast group membership defined relative to partition membership in a high performance computing environment
CN106462408B (zh) Low-latency connection to workspaces in a cloud computing environment
US11177978B2 (en) Connecting virtual computer networks with overlapping IP addresses using transit virtual computer network
US8725898B1 (en) Scalable port address translations
US9736016B2 (en) Managing failure behavior for computing nodes of provided computer networks
JP5976942B2 (ja) System and method for providing policy-based data center network automation
US8565118B2 (en) Methods and apparatus for distributed dynamic network provisioning
US8331362B2 (en) Methods and apparatus for distributed dynamic network provisioning
WO2020060826A1 (en) Segment routing with fast reroute for container networking
CN116210204A (zh) Systems and methods for VLAN switching and routing services
US20150124823A1 (en) Tenant dhcp in an overlay network
WO2021202288A1 (en) Software-defined network orchestration in a virtualized computer system
US11070394B2 (en) System and method for redundant independent networks in a high performance computing environment
EP4111647A1 (en) Vrf segregation for shared services in multi-fabric cloud networks
US20240022452A1 (en) Dynamic on-demand virtual private network (vpn) session distribution for gateways
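CN117561705A (zh) Routing policies for graphics processing units
CN117597894A (zh) Routing policies for graphics processing units
CN116648892A (zh) Layer 2 networking storm control in a virtualized cloud environment
CN114365462A (zh) L3 underlay routing in a cloud environment using a hybrid distributed logical router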

Legal Events

Date Code Title Description
AS Assignment

Owner name: HITACHI, LTD., JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TERAYAMA, ATSUMI;OTANI, TOSHIO;NAGAMI, AKIHISA;SIGNING DATES FROM 20150709 TO 20150721;REEL/FRAME:036268/0309

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4